Updated on November 17 with new 2025 AI-driven mobile threat warning.
Google’s ongoing campaign to narrow the security and privacy gap between Android and iPhone, as well as the wider Google and Apple ecosystems has just taken its latest twist. For 2 billion Gmail users, this could completely change how you use email.
Apple’s Hide My Email feature lets users keep their personal email addresses private, away from the information brokers who sell lists of email addresses and phone numbers that drive the global scourge of spam and cold calling.
Now it seems Google has decided to follow suit—a surprise decision no-one saw coming and which was not touted with the other privacy and security updates this year. Per Android Authority, “sure, Gmail is an absolute champ at filtering out spam, but every time you share your email with someone even a little bit shady, do you feel like you’re playing with fire and risking a whole bunch of unwanted contact? Google may just have a solution in the works, at least by the looks of our latest teardown.”
“With Hide My Email,” Apple explains, “you can generate unique, random email addresses that forward to your personal email account, so you don’t have to share your real email address when filling out forms or signing up for newsletters on the web, or when sending email.”
While this enables users to forward these ghost email addresses to any email address associated with their iCloud account, it really comes into its own when used with Apple’s own Mail and Safari apps. This allows you to send messages directly from those shielded addresses, and also offers the option to easily create a ghost email address whenever you’re asked for an email address within a form on Safari.
Tearing down the new 24.45.33 APK release of Google Play Services, “and upon cracking it open,” the website explains it has found “a whole boatload of strings referencing and in support of something called ‘Shielded Email’.”
This system “to create single-use or limited-use email aliases that will forward messages along to your primary account.” And while “we could imagine that something like this might be pretty useful in Chrome,” which would mirror Apple’s approach, this current reveal is focused instead on “specifically addressing apps that ask for your email address,” which is why it’s been found in a Play update.
Again, just as with Apple and iPhone, while this likely won’t be restricted to Gmail, Google will only have full control over its functionality and the use of such shielded emails where it controls the email platform itself, which does mean Gmail.
This is a laudable move on Google’s part, and if it catches on as Apple’s Hide My Email has done, then it is a huge improvement for Android users, most of which will have one or more Gmail addresses associated with their accounts.
As noted by 9to5Google, “the experience looks to be integrated with Android’s autofill and presumably the Google Password Manager… It remains to be seen whether Google will charge for Shielded Email. Besides encouraging people to sign-up for Google One, making it paid could be a way to make sure functionality isn’t abused.”
Coming on the back of live threat detection and spam call warnings, it’s clear that the security and privacy gap is now narrowing. The only question for Android users remains how fast these updates rollout, and which device OEMs will get them. But given what we’ve seen already this week, it’s likely this new update will come to Pixels first, another concern for Samsung users currently in the queue for new features.
For now, unlike Apple’s alternative this leaked update appears mobile only—this is for Android users and there’s no news as yet as to whether this will make its way into desktop Gmail and other Google services accessed via Chrome. But once this is available, it would make sense to mimic the application of Apple’s Hide My Email across the full Google/Gmail ecosystem, not just apps.
There are also third-party apps that do the same, whether that’s one-time cloaked email addresses or a universal email address for use on websites and other services where you fear scam or you’re details making their way onto nefarious lists
The fact this is mobile only is unsurprising—your mobile device is fast becoming the largest threat to your data security and privacy, which extends to your work if you bring your device into the office or connect to company systems as most of us now do.
Zimperium’s Nico Chiaraviglio has just warned of “a strategic evolution in mobile security – evasive cyberattacks are now the new normal, as cybercriminals are becoming more sophisticated in their mobile phishing attacks.” This is clear in the weekly reports of new mobile malware campaigns. Almost all such attacks begin within phishing lures, which come via social media messaging apps or email.
Chiaraviglio now predicts that by next year ‘mishing,’ or mobile phishing, attacks “will become so sophisticated and evasive that modern tooling won’t be able to detect it. We will see the rise of AI-driven mobile malware capable of mimicking user behavior, making it far harder to detect using traditional methods.” Not only is the mobile phone central to this treat, but Android is more vulnerable than iPhone, making defenses on Google’s platform more critical.
Bottom line—when this new Gmail email cloaking makes it onto your device—and clearly there’s no confirmation on timing as yet, make sure you use it.
Read the full article here